Do you remember last Christmas? Target lost data from about 40 million credit and debit cards that were stolen at its stores between Nov. 27 and Dec. 15, the height of the holiday shopping period. Thieves tampered with the sales terminals' card swipers to gain access to the data stored on the magnetic stripe on the back of credit and debit cards.

What do all these security issues have in common? All are breaches that occurred from internal systems -- systems in which IT departments were in direct control.

The problem is that many people equate control with security. Many CIOs have told me they need to have complete control of their servers to ensure they're secure. Well, all major security breaches occur in systems that are under IT's "direct control." You never hear about them, unless they're as spectacular and far-reaching as Sony's and Target's breaches.

People who say they will not move to the public cloud due to the lack of control, which they argue means lack of security, are not living in the real world. Security -- cloud or not -- is measured by the amount of planning and technology that goes into ensuring the data is effectively protected. It's not about where the data resides.

In fact, we're seeing data that's actually more secure on public clouds than it was on internal systems. Indeed, the breaches continue to focus on unsecured local systems, with public clouds largely spared thus far.

Control does not equal security, and it never did. Those who continue to push back on cloud computing using security as an excuse, without understanding the real issues, are doing their businesses a disservice.

David S. Linthicum is a consultant at Cloud Technology Partners and an internationally recognized industry expert and thought leader. Dave has authored 13 books on computing and also writes regularly for HPE Software's TechBeacon site.